When the assert() system call was disabled, an input sanitization flaw was revealed in the Python string object implementation that led to a buffer overflow. The missing check for negative size values meant the Python memory allocator could allocate less memory than expected. This could result in arbitrary code execution with the Python interpreter's privileges. (CVE-2008-1887)

Multiple buffer and integer overflow flaws were found in the Python Unicode string processing and in the Python Unicode and string object implementations. An attacker could use these flaws to cause a denial of service (Python application crash). (CVE-2008-3142, CVE-2008-5031)

Multiple integer overflow flaws were found in the Python imageop module. If a Python application used the imageop module to process untrusted images, it could cause the application to crash or, potentially, execute arbitrary code with the Python interpreter's privileges. (CVE-2008-1679, CVE-2008-4864)

Multiple integer underflow and overflow flaws were found in the Python snprintf() wrapper implementation. An attacker could use these flaws to cause a denial of service (memory corruption). (CVE-2008-3144)

Multiple integer overflow flaws were found in various Python modules. An attacker could use these flaws to cause a denial of service (Python application crash). (CVE-2008-2315, CVE-2008-3143)

An integer signedness error, leading to a buffer overflow, was found in the Python zlib extension module. If a Python application requested the negative byte count be flushed for a decompression stream, it could cause the application to crash or, potentially, execute arbitrary code with the Python interpreter's privileges. (CVE-2008-1721)
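The negative-size flaw (CVE-2008-1887) and the zlib signedness error (CVE-2008-1721) described above share one pattern: a signed length reaches size arithmetic or an unsigned conversion without a sign check. The C example below is added here to illustrate that pattern beside a checked form; it is not Python's source or the Red Hat patch, and `unchecked_sizes`, `checked_flush`, `HDR` and `MAX_FLUSH` are hypothetical names with constructed values.

```c
#include <limits.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#define HDR 16          /* constructed: fixed per-object header size */
#define MAX_FLUSH 65536 /* constructed: upper bound on one request */

struct sizes { size_t alloc; unsigned int write_limit; };

/* What an unchecked implementation derives from a signed length.
 * The values are only computed here, never used for a write. */
struct sizes unchecked_sizes(int length) {
    struct sizes s;
    s.alloc = (size_t)(HDR + (long)length + 1); /* -1: header only */
    s.write_limit = (unsigned int)length;       /* -1: UINT_MAX */
    return s;
}

/* Hardened form: validate the signed value before any unsigned
 * conversion or size arithmetic. Returns 0 on success, -1 if rejected. */
int checked_flush(int length, const unsigned char *pending,
                  size_t pending_len, unsigned char **out, size_t *out_len) {
    *out = NULL;
    *out_len = 0;
    if (length <= 0 || length > MAX_FLUSH)
        return -1;
    size_t n = (size_t)length < pending_len ? (size_t)length : pending_len;
    unsigned char *buf = malloc(n ? n : 1);
    if (buf == NULL)
        return -1;
    if (n > 0)
        memcpy(buf, pending, n);
    *out = buf;
    *out_len = n;
    return 0;
}

int main(void) {
    const unsigned char pending[] = "abcdef"; /* constructed sample data */
    struct sizes s = unchecked_sizes(-1);
    printf("unchecked: alloc=%zu write_limit=%u\n", s.alloc, s.write_limit);

    unsigned char *out;
    size_t n;
    int rc = checked_flush(-1, pending, 6, &out, &n);
    printf("checked(-1): rc=%d\n", rc);
    rc = checked_flush(4, pending, 6, &out, &n);
    printf("checked(4): rc=%d len=%zu\n", rc, n);
    free(out);
    return 0;
}
```

With a length of -1 the unchecked arithmetic reserves only the header while the unsigned write limit becomes `UINT_MAX`, which is the mismatch between allocated and writable size that the checked form rules out.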

Red Hat would like to thank David Remahl of the Apple Product Security team for responsibly reporting the CVE-2008-1679 and CVE-2008-2315 issues.

All Python users should upgrade to these updated packages, which contain backported patches to correct these issues.

Solution

Before applying this update, make sure that all previously-released errata relevant to your system have been applied.